Parse CSR

Input
Output
Example CSR

Sample PEM-encoded CSR:

-----BEGIN CERTIFICATE REQUEST-----
MIICijCCAXICAQAwRTELMAkGA1UEBhMCVVMxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMCgPk5aKjJqPK7VRnHqLXvQN5bPJ9v8RjXxQkFz
...
-----END CERTIFICATE REQUEST-----
đź’ˇ CSR Structure Overview:
  • Subject: Distinguished Name (DN) of the certificate requester
  • Public Key: RSA/ECDSA/DSA public key information
  • Signature Algorithm: Hash and encryption algorithm used
  • Signature: Digital signature of the CSR
  • Requested Extensions: Optional X.509 extensions (Basic Constraints, Key Usage, etc.)

Note: This tool parses PEM-encoded CSRs and extracts all fields for inspection.

Properties
Analyse a Certificate Signing Request (CSR) to view details

This tool parses PEM-encoded Certificate Signing Requests (CSR) and extracts subject information, public key details, signature algorithm, signature value, and requested X.509 extensions. Supports RSA, ECDSA, and DSA public keys.

Analyse CSR Restart

Parse CSR: The Online CSR Parser for SSL/TLS Professionals

Why Parse a Certificate Signing Request (CSR)?

Before you can obtain an SSL/TLS certificate from a Certificate Authority (CA) like Let's Encrypt, DigiCert, or Sectigo, you must generate a Certificate Signing Request (CSR). A CSR is an encoded block of text (typically in PEM format) that contains your public key and your organization's identifying information (the Subject).

Because a CSR is Base64-encoded, it is completely unreadable to the human eye. If you generate a CSR using OpenSSL or a control panel but make a typo in your domain name, your final SSL certificate will be invalid.

Our online CSR Parser instantly decodes your PKCS#10 formatted request. It allows you to verify critical details—such as the Common Name (CN), Organization (O), Locality (L), and Subject Alternative Names (SANs)—before you submit it to a CA, saving you time and preventing costly certificate reissuance.

Engineered for Security: 100% Client-Side Decoding

Even though a CSR only contains public information (it does not contain your private key), practicing strong Operational Security (OPSEC) means you should never casually upload cryptographic files to random servers. We never transmit, save, or log your CSR text or your domain information. The ASN.1 parsing engine runs completely offline within your web browser's local sandbox. Because no data is sent to a remote API, the decoding process happens instantaneously.

How to Decode a CSR Online?

Verifying your Certificate Signing Request is fast and simple:

  1. Paste Your CSR: Copy your entire CSR text, including the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- header and footer tags, and paste it into the input box.

  2. Instant Parsing: Our local JavaScript engine immediately decodes the Base64/ASN.1 structure.

  3. Verify the Data: The tool will automatically display the parsed fields:

    Common Name (CN): Ensure the primary domain name is spelled correctly (e.g., www.example.com).

    Subject Alternative Names (SANs): Verify that all additional domains or subdomains are listed if you are applying for a Multi-Domain/UCC certificate.

    Organization Details: Check your Company Name, City, State, and Country codes.

    Public Key Info: Confirms the key algorithm (e.g., RSA or ECDSA) and key size (e.g., 2048-bit or 4096-bit).

Frequently Asked Questions (FAQ)

  • Q: Does my CSR contain my Private Key?

    A: No. A properly generated CSR strictly contains your Public Key and your identity information. Your Private Key must remain strictly on your server and should never be shared with anyone, not even your Certificate Authority. (Note: If your file starts with BEGIN PRIVATE KEY, do NOT paste it here. Keep it safe!)

  • Q: How can I view a CSR using the OpenSSL command line instead?

    A: If you prefer using terminal commands over an online GUI, you can easily parse and view a CSR locally using OpenSSL. Simply run the following command: openssl req -in your_domain.csr -noout -text

  • Q: Why does my CSR look like a random block of characters?

    A: Standard CSR files are encoded using the ASN.1 standard according to the PKCS#10 specification, and then Base64-encoded into PEM format so they can be easily copied and pasted in emails or web forms. Our parser simply reverses this encoding to show you the readable text.

  • Q: What happens if the CSR Parser shows an "Invalid Format" error?

    A: This usually means the pasted text is missing the required --BEGIN-- and --END-- headers, or the Base64 structure has been corrupted by hidden spaces or line breaks. Ensure you have copied the raw text exactly as it was generated.

Featured Tools

Featured tools that you might find useful.

Popular Tools

List of popular tools that users love and frequently use.

New Tools

The latest tools added to our collection, designed for you.

Topics

The tools grouped by topics to quickly find what you need.
JSONPath Parser is a free online tool used to parse JSON data.

JSONPath Parser

JSONPath Parser is a free online tool used to parse JSON data.
Base64 File Converter is a handy and useful online tool that allows you to convert any file to a Base64 encoded string, or decode a Base64 encoded string to a file.

Base64 File Converter

Base64 File Converter is a handy and useful online tool that allows you to convert any file to a Base64 encoded string, or decode a Base64 encoded string to a file.
Discover the strength of your password with this client side only password strength analyser and crack time estimation tool.

Password Strength Analyser

Discover the strength of your password with this client side only password strength analyser and crack time estimation tool.
Generate random port numbers outside of the range of

Random Port Generator

Generate random port numbers outside of the range of "known" ports (0-1023).